Bump the bundler group across 1 directory with 17 updates

[dependabot]

Bumps the bundler group with 10 updates in the / directory:

Package	From	To
haml	3.1.4	5.0.0
omniauth	1.0.3	1.4.2
omniauth-facebook	1.2.0	1.5.1
rack	1.4.1	1.4.7
uglifier	1.2.3	2.7.2
jquery-rails	2.0.1	3.1.5
ffi	1.0.11	1.16.3
httparty	0.8.1	0.22.0
nokogiri	1.5.2	1.16.5
tzinfo	0.3.32	0.3.62

Updates haml from 3.1.4 to 5.0.0

Changelog

Sourced from haml's changelog.

5.0.0

Released on April 26, 2017 (diff).

Breaking Changes

• Haml now requires Ruby 2.0.0 or above.

• Rails 3 is no longer supported, matching the official Maintenance Policy for Ruby on Rails. Use Haml 4 if you want to use Rails 3. (Tee Parham)

• Remove :ugly option (#894)

• The haml command's debug option (-d) no longer executes the Haml code, but rather checks the generated Ruby syntax for errors.

• Drop parser/compiler accessor from Haml::Engine. Modify Haml::Engine#initialize options or Haml::Template.options instead. (Takashi Kokubun)

• Drop dynamic quotes support and always escape ' for escape_html/escape_attrs instead. Also, escaped results are slightly changed and always unified to the same characters. (Takashi Kokubun)

• Don't preserve newlines in attributes. (Takashi Kokubun)

• HTML escape interpolated code in filters. #770 (Matt Wildig)

    :javascript
      #{JSON.generate(foo: "bar")}
    Haml 4 output: {"foo":"bar"}
    Haml 5 output: {"foo":"bar"}
  

Added

• Add a tracing option. When enabled, Haml will output a data-trace attribute on each tag showing the path to the source Haml file from which it was generated. Thanks Alex Babkin.
• Add haml_tag_if to render a block, conditionally wrapped in another element (Matt Wildig)
• Support Rails 5.1 Erubi template handler.
• Support Sprockets 3. Thanks Sam Davies and Jeremy Venezia.
• General performance and memory usage improvements. (Akira Matsuda)
• Analyze attribute values by Ripper and render static attributes beforehand. (Takashi Kokubun)
• Optimize attribute rendering about 3x faster. (Takashi Kokubun)
• Add temple gem as dependency and create Haml::TempleEngine class. Some methods in Haml::Compiler are migrated to Haml::TempleEngine. (Takashi Kokubun)

Fixed

• Fix for attribute merging. When an attribute method (or literal nested hash) was used in an old style attribute hash and there is also a (non-static) new style hash there is an error. The fix can result in different behavior in some circumstances. See the commit message for detailed info. (Matt Wildig)
• Make escape_once respect hexadecimal references. (Matt Wildig)

... (truncated)

Commits

• 78e2a09 Version 5.0.0
• e5d6409 Note about #770 in Haml 5 changes
• 1bac6f9 Remove JRuby from allow_failures
• d45c2d4 Add backslash for @ to support JRuby
• 8f20707 Enable frozen_string_literal pragma if possible
• a6bb255 Oops, this was not intentional...
• aa4c397 Fix spec in #867 for pretty mode removal
• 11af795 Fallback to default value of preserve option
• bbbeb7e Update CHANGELOG to include #867
• ed7f24f Merge pull request #867 from redoPop/atful-css
• Additional commits viewable in compare view

Updates omniauth from 1.0.3 to 1.4.2

Release notes

Sourced from omniauth's releases.

v1.4.2

Fixes

• Mitigate Hashie regressions

v1.4.1

Security Updates

• Update Rack to => 1.6.2

v1.4.0

Dropped

• Dropped support Ruby 1.8.7

Fixed

• Silence Hashie::Mash logger on Hashie 3.5.0+
• Use secure URL for OpenID asset

Commits

• 9897127 Bump version to 1.4.2
• 6abedb0 Merge pull request #880 from omniauth/hashie
• df7699d Temporary Hashie Regression Fix
• 2dccbb5 Bump version to 1.4.1
• 3c0f586 Merge pull request #878 from omniauth/dependency-updates
• c299e30 Gem updates CI tests
• 949ffca Bump version to 1.4.0
• 0edc7ec Merge pull request #874 from michaelherold/silence-mash-logger
• 00481a9 Silence Hashie::Mash logger on Hashie 3.5.0+
• cb82bb4 Merge pull request #876 from omniauth/secure-asset-url
• Additional commits viewable in compare view

Updates omniauth-facebook from 1.2.0 to 1.5.1

Release notes

Sourced from omniauth-facebook's releases.

v9.0.0 (defaults to FB Graph API 5.0)

What's Changed

• Replace Travis CI with GitHub Actions by @​olleolleolle in simi/omniauth-facebook#350
• addds ruby 3 to CI matrix by @​swiknaba in simi/omniauth-facebook#352
• Gemfile: Simplify away Ruby 2.2 workaround by @​olleolleolle in simi/omniauth-facebook#354
• Change secure_image_url default from false to true by @​swiknaba in simi/omniauth-facebook#346
• Bump Facebook Graph API to v5.0 by @​mstr03 in simi/omniauth-facebook#366

New Contributors

• @​swiknaba made their first contribution in simi/omniauth-facebook#352
• @​mstr03 made their first contribution in simi/omniauth-facebook#366

Full Changelog: simi/omniauth-facebook@v8.0.0...v9.0.0

v7.0.0 (defaults to FB Graph API 4.0)

bumped version of FB Graph API to v4.0

v6.0.0 (defaults to FB Graph API 3.0)

• bumped version of FB Graph API to v3.0

v5.0.0 (defaults to FB Graph API 2.10)

• bumped version of FB Graph API to v2.10

Changelog

Sourced from omniauth-facebook's changelog.

1.5.1 (2013-11-18)

Changes:

• don't use access_token in URL CVE-2013-4593 (@​homakov, @​mkdynamic, @​simi)

1.5.0 (2013-11-13)

Changes:

• remove state param to fix CSRF vulnerabilty CVE-2013-4562 (@​homakov, @​mkdynamic, @​simi)

1.4.1 (2012-07-07)

Changes:

• update to omniauth-oauth2 1.1.0 for csrf protection (@​mkdynamic)

1.4.0 (2012-06-24)

Features:

• obey skip_info? config (@​mkdynamic)
• add support of the :auth_type option to :authorize_options (#58, @​JHeidinga, @​mkdynamic)
• support access_token parameter as part of the callback request (#62, @​steverandy)

1.3.0 (2012-05-05)

Features:

• dynamic permissions in the auth params (#30, @​famoseagle)
• add support for facebook canvas (@​mkdynamic)
• add verified key to the info hash (#34, @​ryansobol)
• add option to use secure url for image in auth hash (@​mkdynamic)
• add option to specify image size (@​mkdynamic)

Changes:

• have raw_info return an empty hash if the Facebook response returns false (#44, @​brianjlandau)
• prevent oauth2 from interpreting Facebook's expires field as expires_in, when it's really expires_at (#39, @​watsonbox)
• remove deprecated offline_access permission (@​mkdynamic)
• tidy up the callback_url option (@​mkdynamic)

Commits

• d2f099d bump 1.5.1
• a0270b8 remove references to state param in docs
• 115c0a7 this does not provide authentication, should not be used
• fd62381 remove now redundant per-request state from signed_request flow (it will fail...
• a3d5375 config travis to build all branches
• 92f3ceb trigger travis CI build
• ccfcc26 fix CSRF vulnerability. prepare 1.5.0 release
• 4845511 bump 1.4.1
• c07e228 update to omniauth-oauth2 1.1.0 for csrf protection
• 8441e6e switch to minitest, see how it goes
• Additional commits viewable in compare view

Updates rack from 1.4.1 to 1.4.7

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

• rack.input is now optional. (#1997, [@​ioquatix])
• Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)

Changed

• rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
• Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
• MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
• Add .mjs MIME type (#2057, [@​axilleas])
• Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
• set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
• Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
• Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
• In Rack::Files, ignore the Range header if served file is 0 bytes. (#2159, [@​zarqman])

[3.0.11] - 2024-05-10

• Backport #2062 to 3-0-stable: Do not allow BodyProxy to respond to to_str, make to_ary call close . (#2062, @​jeremyevans)

[3.0.10] - 2024-03-21

• Backport #2104 to 3-0-stable: Return empty when parsing a multi-part POST with only one end delimiter. (#2164, @​JoeDupuis)

[3.0.9.1] - 2024-02-21

Security

• CVE-2024-26146 Fixed ReDoS in Accept header parsing
• CVE-2024-25126 Fixed ReDoS in Content Type header parsing
• CVE-2024-26141 Reject Range headers which are too large

[3.0.9] - 2024-01-31

• Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, @​mattbrictson)

[3.0.8] - 2023-06-14

• Fix some unused variable verbose warnings. (#2084, [@​jeremyevans], @​skipkayhil)

... (truncated)

Commits

• f5c0968 bumping version
• bf5bd20 Merge pull request #814 from johnnaegle/only_increment_open_file_count_for_fi...
• e4f4df5 Explicitly fail when hitting the multipart limit
• 1ae52c1 bumping the release
• 88b067e raise an exception if the parameters are too deep
• 688516a Prevent signals from being sent to pid 0
• 9939d40 Bump version number
• 56374f2 Update README for todays releases
• 5c9b0de Prevent symlink path traversals
• 6c39dfc Use secure_compare for hmac comparison
• Additional commits viewable in compare view

Updates uglifier from 1.2.3 to 2.7.2

Changelog

Sourced from uglifier's changelog.

2.7.2 (26 August 2015)

• update UglifyJS to 2.4.24

2.7.1 (27 February 2015)

• fix compatibility with experimental Alaska ExecJS runtime

2.7.0 (8 January 2015)

• copyright comment preservation also includes comments starting with a bang (!)

2.6.1 (1 January 2015)

• update UglifyJS to 2.4.16

2.6.0 (8 December 2014)

• allow metadata to be appended to minified code

2.5.3 (18 July 2014)

• no changes

2.5.2 (18 July 2014)

• update UglifyJS to 2.4.15

2.5.1 (13 June 2014)

• update UglifyJS to 2.4.14

2.5.0 (15 March 2014)

• update UglifyJS to 2.4.13
• process Angular @​ngInject annotations
• add keep_fargs option
• change ascii_only default to true

2.4.0 (19 December 2013)

• update UglifyJS to 2.4.8
• add drop_console compress option

2.3.3 (12 December 2013)

• update UglifyJS to 2.4.7

2.3.2 (1 December 2013)

... (truncated)

Commits

• f15cbb8 Bump version to 2.7.2
• 7d31d54 Disable rubocop
• 9436c6c Lock rubocop to 0.28
• 4677bfe Update UglifyJS to 2.4.24
• 887648d Update UglifyJS to 2.4.23
• f6e43e8 Update UglifyJS to 2.4.17
• 614f120 Update source-map to 0.1.36
• 63ce586 Bump version to 2.7.1
• 1aa4580 Fix alaska runtime setup
• de68b2c Explicitly include Alaska in build matrix
• Additional commits viewable in compare view

Updates jquery-rails from 2.0.1 to 3.1.5

Changelog

Sourced from jquery-rails's changelog.

3.1.5 (18 Apr 2018)

• Updated jQuery 1.12.4

3.1.3 (16 June 2015)

• Fix CSP bypass vulnerability. CVE-2015-1840

3.1.2 (1 September 2014)

• Updated to jquery-ujs 1.0.1

3.1.1 (23 June 2014)

• Updated to jQuery 1.11.1
• Updated to jquery-ujs 1.0.0

3.1.0 (29 January 2014)

• Updated to jQuery 1.11.0
• Updated to latest jquery-ujs
• Added development rake task for updating jQuery

3.0.4 (10 July 2013)

• Fixed jQuery source map

3.0.3 (10 July 2013)

• Updated to jQuery 1.10.2

3.0.2 (04 July 2013)

• Updated to latest jquery-ujs

3.0.1 (07 June 2013)

• Updated to jQuery 1.10.1
• Removed jQuery UI from generator

3.0.0 (29 May 2013)

• Removed jQuery UI

2.3.0 (29 May 2013)

• Updated to jQuery 1.10.0
• Updated to jQuery UI 1.10.3

2.2.2 (29 May 2013)

... (truncated)

Commits

• fa176d4 Upgrade jQuery to 1.12.4
• c211b82 Fix jQuery version download task
• d42f68d Release 3.1.4
• ecf65f0 Fix IE7 bug on isCrossDomain check
• d0be832 Merge branch '3-1-2-sec' into 3-1-stable
• ee1ed3c Release 3.1.3
• 92f2a9d Upgrade jquery-ujs to do proper checks for cross domain requests
• 135ba0f Release 3.1.2
• 1eabddd Update to latest jquery-ujs.
• d3bc214 Merge branch 'master' into 3-1-stable
• Additional commits viewable in compare view

Updates ffi from 1.0.11 to 1.16.3

Changelog

Sourced from ffi's changelog.

1.16.3 / 2023-10-04

Fixed:

• Fix gcc error when building on CentOS 7. #1052
• Avoid trying to store new DataConverter type in frozen TypeDefs hash. #1057

1.16.2 / 2023-09-25

Fixed:

• Handle null pointer crash after fork. #1051

1.16.1 / 2023-09-24

Fixed:

• Fix compiling the builtin libffi. #1049

1.16.0 / 2023-09-23

Fixed:

• Fix an issue with signed bitmasks when using flags on the most significant bit. #949
• Fix FFI::Pointer#initialize using NUM2LL instead of NUM2ULL.
• Fix FFI::Type#inspect to properly display the constant name. #1002
• Use libffi closure allocations on hppa-Linux. #1017 Previously they would segfault.
• Fix class name of Symbol#inspect.
• Fix MSVC support of libtest. #1028
• Fix attach_function of functions ending in ? or ! #971

Added:

• Convert all C-based classes to TypedData and use write barriers. #994, #995, #996, #997, #998, #999, #1000, #1001, #1003, #1004, #1005, #1006, #1007, #1008, #1009, #1010, #1011, #1012 This results in less pressure on the garbage collector, since the objects can be promoted to the old generation, which means they only get marked on major GC.
• Implement ObjectSpace.memsize_of() of all C-based classes.
• Make FFI Ractor compatible. #1023 Modules extended per extend FFI::Library need to be frozen in order to be used by non-main Ractors. This can be done by calling freeze below of all C interface definitions.
  • In a Ractor it's possible to:
    • load DLLs and call its functions, access its global variables
    • use builtin typedefs
    • use and modify ractor local typedefs
    • define callbacks
    • receive async callbacks from non-ruby threads
    • use frozen FFI::Library based modules with all attributes (enums, structs, typedefs, functions, callbacks)
    • invoke frozen functions and callbacks defined in the main Ractor

... (truncated)

Commits

• 6cef66d Bump VERSION to 1.16.3
• 87ca653 Update CHANGELOG for ffi-1.16.3
• a8f7d97 Update link in README.md [ci skip]
• 87ff960 Merge branch 'master' of github.com:ffi/ffi
• c97b825 Add examples from https://github.com/ffi/ffi/wiki/How-to-use-FFI-in-Ruby-Ractors
• c1ed9bc Add link to Ractor docs to README.md
• 13afd23 Merge pull request #1057 from mvz/avoid-frozen-typemap
• 6e29dc1 Avoid trying to store new DataConverter type in frozen TypeDefs hash
• bf21280 Prepare a CHANGELOG entry for ffi-1.16.3
• 683e18b Merge pull request #1053 from larskanis/fix-1052
• Additional commits viewable in compare view

Updates httparty from 0.8.1 to 0.22.0

Release notes

Sourced from httparty's releases.

v0.22.0

What's Changed

• Fix typo in example name by @​xymbol in jnunemaker/httparty#780
• Extract request building method by @​aliismayilov in jnunemaker/httparty#786
• CI: Tell dependabot to update GH Actions by @​olleolleolle in jnunemaker/httparty#791
• Add CSV gem as a dependency for Ruby 3.4 by @​ngan in jnunemaker/httparty#796
• Clear body when redirecting to a GET by @​rhett-inbox in jnunemaker/httparty#783
• CI against Ruby 3.3 by @​y-yagi in jnunemaker/httparty#798
• Bump actions/checkout from 3 to 4 by @​dependabot in jnunemaker/httparty#792
• Allow regexpr on raise errors. by @​ryanfox1985 in jnunemaker/httparty#778
• Avoid anonymous eval by @​casperisfine in jnunemaker/httparty#776
• Lazy load some gems by @​orgads in jnunemaker/httparty#760
• Redirect with authorization credentials to same host for relative paths by @​jasonheecs in jnunemaker/httparty#700
• Drop old ruby support by @​jnunemaker in jnunemaker/httparty#799

New Contributors

• @​aliismayilov made their first contribution in jnunemaker/httparty#786
• @​ngan made their first contribution in jnunemaker/httparty#796
• @​rhett-inbox made their first contribution in jnunemaker/httparty#783
• @​y-yagi made their first contribution in jnunemaker/httparty#798
• @​dependabot made their first contribution in jnunemaker/httparty#792
• @​ryanfox1985 made their first contribution in jnunemaker/httparty#778
• @​casperisfine made their first contribution in jnunemaker/httparty#776
• @​jasonheecs made their first contribution in jnunemaker/httparty#700

Full Changelog: jnunemaker/httparty@v0.21.0...v0.22.0

v0.17.3

No release notes provided.

v0.17.2

No release notes provided.

Changelog

Sourced from httparty's changelog.

Changelog

All notable changes since 0.22 are documented in GitHub Releases.

0.21.0

• escape filename in the multipart/form-data Content-Disposition header
• Fix request marshaling
• Replace mime-types with mini_mime

0.20.0

Breaking changes

• Require Ruby >= 2.3.0

Fixes

• Marshal.dump fails on response objects when request option :logger is set or :parser is a proc
• Switch :pem option to to OpenSSL::PKey.read to support other algorithms

0.19.1

• Remove use of unary + method for creating non-frozen string to increase compatibility with older versions of ruby

0.19.0

• Multipart/Form-Data: rewind files after read
• add frozen_string_literal pragma to all files
• [Better handling of Accept-Encoding / Content-Encoding decompression (fixes #562)](jnunemaker/httparty#729)

0.18.1

• Rename cop Lint/HandleExceptions to Lint/SuppressedException.
• Encode keys in query params.
• Fixed SSL doc example.
• Add a build status badge.

0.18.0

• Support gzip/deflate transfer encoding when explicit headers are set.
• Support edge case cookie format with a blank attribute.

0.17.3

0.17.2 is broken jnunemaker/httparty#681

0.17.2

• Add Response#nil? deprecetion warning

... (truncated)

Commits

• 6e1f154 master => main
• 15c1b4b Release 0.22.0
• 3155f48 Update changelog to point at github releases
• e516b11 Merge pull request #799 from jnunemaker/drop-old-rubies
• 322785d Drop old ruby support
• ca47360 Merge branch 'master' of https://github.com/jasonheecs/httparty into jasonhee...
• b9bd421 Merge pull request #760 from orgads/lazy-require
• 5b25ae9 Merge pull request #776 from Shopify/avoid-anonymous-eval
• 8773af1 Fix regex specs
• baa5e16 Merge branch 'raise_on_regexpr' of https://github.com/ryanfox1985/httparty in...
• Additional commits viewable in compare view

Updates i18n from 0.6.0 to 0.9.5

Release notes

Sourced from i18n's releases.

v0.9.5

• #404 reported a regression in 0.9.3, which wasn't fixed by 0.9.4. #408 fixes this issue.

Thanks @​wjordan!

v0.9.4

• Fixed a regression with chained backends introduced in v0.9.3 (#402) - #405 - bug report / #407 - PR to fix
• Optimize Backend::Simple#available_locales - reports are that this is now 4x faster than previously - #406

v0.9.3

(For those wondering where v0.9.2 went: I got busy after I pushed the commit for the release, so there was no gem release that day. I am not busy today, so here is v0.9.3 in its stead. This changelog contains changes from v0.9.1 -> v0.9.3)

• I18n no longer stores translations for unavailable locales. #391.
• Added the ability to interpolate with arrays #395.
• Documentation for lambda has been corrected. #396
• I18n will use oj -- a faster JSON library -- but only if it is available. #398
• Fixed an issue with translate and default: [false] as an option. #399
• Fixed an issue with translate with nil and empty keys. #400
• Fix issue with disabled subtrees and pluralization for KeyValue backend #402

Thank you to @​stereobooster, @​fatkodima and @​lulalala for the patches that went towards this release. We appreciate your efforts!

v0.9.1

• Reverted Hash#slice behaviour introduced with #250 - See #390.
• Fixed a regression caused by #387, where translations may have returned a not-helpful error message - See #389

v0.9.0

• Made Backend::Memoize threadsafe. See #51 and #352.
• Added a middleware I18n::Middleware that should be used to ensure that i18n config is reset correctly between requests. See #381 and #382.

v0.8.6

Fixed a small regression introduced in v0.8.5 when using fallbacks - See #378

v0.8.5

• Improved error message for MissingPluralizationKey error - See #371
• Fixed a thread issue when calling translate when fallbacks were enabled - See #369

v0.8.4

Reverted #236 - "Don't allow nil to be submitted as a key to I18n.translate" - See #370

v0.8.3

I18n::Gettext#plural_keys will now return a hash from Gettext if no arguments are provided - svenfuchs/i18n#122 Fixed a bug where passing false to translate would not translate that value - svenfuchs/i18n#367

v0.8.2

Do not allow nil to be passed to translate - svenfuchs/i18n#236

... (truncated)

Commits

• 416859a Bump to 0.9.5
• 5c28de8 Lock Rake to 12.2.x versions
• 29fe565 Merge pull request #408 from wjordan/enforce_available_locales_false_fix
• 596a71d store translations for unavailable locales if enforce_available_locales is false
• 888abcb Bump to 0.9.4
• ba8b206 Merge pull request #407 from fatkodima/fix-key-value-subtrees
• 9ddc9f5 Merge pull request #406 from jhawthorn/optimize_available_locales
• 77c26aa Fix Chained backend with KeyValue
• 7eb3576 Optimize Backend::Simple#available_locales
• 7c6ccf4 Bump to 0.9.3
• Additional commits viewable in compare view

Updates json from 1.6.5 to 1.8.6

Release notes

Sourced from json's releases.

v1.8.6

Full Changelog: ruby/json@v1.8.5...v1.8.6

v1.8.5

Full Changelog: ruby/json@v1.8.3...v1.8.5

v1.8.3

Full Changelog: ruby/json@v1.8.2...v1.8.3

v1.8.2

Full Changelog: ruby/json@v1.8.1...v1.8.2

v1.8.1

Full Changelog: ruby/json@v1.8.0...v1.8.1

v1.8.0

Full Changelog: ruby/json@v1.7.7...v1.8.0

v1.7.7

Full Changelog: ruby/json@v1.7.6...v1.7.7

v1.7.6

Full Changelog: ruby/json@v1.7.5...v1.7.6

v1.7.5

Full Changelog: ruby/json@v1.7.4...v1.7.5

v1.7.4

Full Changelog: ruby/json@v1.7.3...v1.7.4

v1.7.3

Full Changelog: ruby/json@v1.7.2...v1.7.3

v1.7.2

Full Changelog: ruby/json@v1.7.1...v1.7.2

v1.7.1

Full Changelog: ruby/json@v1.7.0...v1.7.1

v1.7.0

Full Changelog: ruby/json@v1.6.7...v1.7.0

v1.6.8

Full Changelog: ruby/json@v1.6.7...v1.6.8

v1.6.7

Full Changelog: ruby/json@v1.6.5...v1.6.7

v1.6.6

Full Changelog: ruby/json@v1.6.5...v1.6.6

Changelog

Sourced from json's changelog.

2017-01-13 (1.8.6)

• Be compatible with ancient ruby 1.8 (maybe?)

2015-09-11 (1.8.5)

• Be compatible with ruby 2.4.0
• There were still some mentions of dual GPL licensing in the source, but JSON has just the Ruby license that itself includes an explicit dual-licensing clause that allows covered software to be distributed under the terms of the Simplified BSD License instead for all ruby versions >= 1.9.3. This is however a GPL compatible license according to the Free Software Foundation. I changed these mentions to be consistent with the Ruby license setting in the gemspec files which were already correct now.

2015-06-01 (1.8.3)

• Fix potential memory leak, thx to nobu.

2015-01-08 (1.8.2)

• Some performance improvements by Vipul A M vipulnsward@gmail.com.
• Fix by Jason R. Clark jclark@newrelic.com to avoid mutation of JSON.dump_default_options.
• More tests by Michael Mac-Vicar mmacvicar@gmail.com and fixing space_before accessor in generator.
• Performance on Jruby improved by Ben Browning bbrownin@redhat.com.
• Some fixes to be compatible with the new Ruby 2.2 by Zachary Scott e@zzak.io and SHIBATA Hiroshi hsbt@ruby-lang.org.

2013-05-13 (1.8.1)

• Remove Rubinius exception since transcoding should be working now.

2013-05-13 (1.8.0)

• Fix flori/json#162 reported by Marc-Andre Lafortune github_rocks@marc-andre.ca. Thanks!
• Applied patches by Yui NARUSE naruse@airemix.jp to suppress warning with -Wchar-subscripts and better validate UTF-8 strings.
• Applied patch by ginriki@github to remove unnecessary if.
• Add load/dump interface to JSON::GenericObject to make serialize :some_attribute, JSON::GenericObject work in Rails active models for convenient SomeModel#some_attribute.foo.bar access to serialised JSON data.

2013-02-04 (1.7.7)

• Security fix for JSON create_additions default value and JSON::GenericObject. It should not be possible to create additions unless explicitly requested by setting the create_additions argument to true or using the JSON.load/dump interface. If JSON::GenericObject is supposed to be automatically deserialised, this has to be explicitly enabled by setting JSON::GenericObject.json_creatable = true as well.
• Remove useless assert in fbuffer implementation.

... (truncated)

Commits

• 7f4cfd8 Try to be compatible with ruby 1.8
• 4cf6c62 Update gemspecs
• 48c5e99 Stop testing on 1.8, it might work though
• 5d46fb9 Travis don't know how to build these rubies
• 7f05140 Fix conversion crash on 1.9
• 2bcacc1 Require ruby version 2.0 or better
• f8e2aa6 Reduce supported ruby versions
• b4eeed1 Test newer rubies
• c7a6e31 Use 2.3.1 for testing
• 953f474 Merge RUBY_INTEGER_UNIFICATION changes
• Additional commits viewable in compare view

Updates nokogiri from 1.5.2 to 1.16.5

Release notes

Sourced from nokogiri's releases.

v1.16.5 / 2024-05-13

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

---

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

---

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a...
Description has been truncated